[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?

To: "Emmanuel Dreyfus" <manu@netbsd.org>
Subject: Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
From: "Ben Wailea, openldap-software" <bwailea+10@gmail.com>
Date: Fri, 15 Aug 2008 21:51:21 -0700
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <1ilr4xl.10i8imo17pb32M%manu@netbsd.org>
References: <48A615A6.6000801@symas.com> <1ilr4xl.10i8imo17pb32M%manu@netbsd.org>

On Fri, Aug 15, 2008 at 9:07 PM, Emmanuel Dreyfus <manu@netbsd.org> wrote:
> Not that some programs will not accept that: sendmail insiste on the ket
> being mode 600, for instance. I had to copy the key in a second file.

yeah, i've found the same issue. pita, imho. exim, e.g., handles it
nicely in that it allows def'n of separate exec & auth users/groups,
so that thte app can run as 'exim', but use other own/perm certs.

atm, not an issue for me though. since i'm implementing this as an
auth server in a 'lightweight' Xen VM, it's just openldap + kerberos +
apache + openssh.  and , it seems, these are ok.

Follow-Ups:
- Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>

References:
- Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
  - From: Howard Chu <hyc@symas.com>
- Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
Next by Date: Re: ldap client crypto question
Index(es):
- Chronological
- Thread